Staying Safe in Cyberspace

In May 2017, a ransomware attack of enormous scale hit businesses, organizations and institutions across the globe. Consequently, sensitive data within nearly 200,000 computers in more than 150 countries was held hostage by cyberthieves. Luckily, a resourceful security researcher stumbled on a “kill switch” that stopped the malicious actions of the malware and effectively halted the initial outbreak. Without his actions, this attack would have inflicted significantly more damage.

Chances are excellent that you and/or your business will someday be victimized by cybercrime—assuming that hasn’t already occurred. It seems like security used to be so simple. We’d lock our doors, set our alarms and rest easy, thinking we were safe. Now, cyberthreats present an entirely different security risk, and the damage they can cause – from the loss or corruption of sensitive data to financial losses, business interruption, identity theft and more – can literally alter the course of lives, and the fate of businesses, their employees, their customers and their clients.

At Lutz Tech, our team stays current with the latest cyber-hacks, scams, malware, and other invasive and harmful elements that threaten businesses and professionals alike. Cyberthreats may be diverse; preventive and reactive strategies may vary from business to business; and most cybersecurity experts agree that breaches of personal or business assets are all but inevitable. Still, the good news is that you can take steps to prevent and minimize cyberbreach events, as well as mitigate the damage when breach events do occur.

Cybersecurity for your business, as well as for you individually, starts with understanding cyberthreats and prevention measures in four primary areas.

1) Phishing

WHAT IS IT

An attempt to gain access to privileged information (e.g., passwords, account access, money) by posing as a privileged user from an unauthorized account. Phishing attempts can result in malware intrusions, ransomware intrusions, and other unauthorized and unwanted access events.

WHAT TO DO

• Hover over links in an email to show the actual link.
• Call the sender to verify the request is legitimate.
• Establish policies that require authorization or extended validation with someone else before privileged information can be sent.

2) Account Security

WHAT IS IT

Security of accounts such as your network login and vendor accounts for company products and services.

WHAT TO DO

• Have a complex password for your accounts—the longer the better. As an example: Redtruck_wagonwheel81! This sample password contains at least one capital letter, two symbols (_ and !) and two numerals.
• Do not mix business passwords and personal passwords.
• Enable two-factor authentication for sensitive accounts that support it. This enables an authorization code to be generated for you to confirm when you log in.

3) Physical Security

WHAT IS IT

Keeping your devices away from unauthorized physical access.

WHAT TO DO

• Keep your laptops, work tablets, phones and data in your possession or in a locked storage device at all times.
• Do not plug flash drives into your PC/network without knowing who owns the device or what data could be present.
• Ask about getting any machines holding critical company (e.g., financial or personnel) data encrypted.

4) Personnel Security

WHAT IS IT

Security of yourself, co-workers and guests in the workplace.

WHAT TO DO

• When vendors are expected into the organization, inform the staff whom to expect. Verify that the guest is expected, and make sure you receive verification he/she is associated with the vendor.
• Watch for tailgaters. These are people following closely behind anyone with keyed access into areas not open to public visitors.
• Be cautious of people asking for the Wi-Fi password to a private network, or people trying to connect physically with a cable who have no authorized permission to do so.

Do you have questions about building comprehensive cybersecurity strategies for your business, or are you facing other IT challenges? Contact us today!